"For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable (USB devices) is automatically disabled."

However, Sophos researcher Graham Cluley warned that attacks can be initiated automatically via Windows Explorer - even with AutoRun and AutoPlay disabled.

"The chances of that occurring have increased over the weekend, as a hacker called Ivanlef0u published proof-of-concept code onto the Internet. What is of particular concern, of course, is that other malicious hackers might try to exploit the vulnerability - as it would certainly be a useful tool in any malware's arsenal," Cluley wrote in a Sophos blog post.

"In the past we've seen worms (Conficker is perhaps the most famous example) spread successfully via USB devices, which prompted many firms to disable AutoPlay. [So], there is [definitely] a real risk that more malware will take advantage of the zero-day exploit now the code is 'out there,' taking things to a whole new level."